add SECURITY.md, pointing to GitHub PVR
#88
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright (C) Daniel Stenberg, <[email protected]>, et al. | |
| # | |
| # SPDX-License-Identifier: curl | |
| name: 'Source' | |
| 'on': | |
| push: | |
| branches: | |
| - master | |
| pull_request: | |
| branches: | |
| - master | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} | |
| cancel-in-progress: true | |
| permissions: {} | |
| jobs: | |
| checksrc: | |
| name: 'checksrc' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v5 | |
| with: | |
| persist-credentials: false | |
| - name: 'checksrc' | |
| run: | | |
| # shellcheck disable=SC2046 | |
| scripts/checksrc.pl $(git ls-files '*.c' '*.h') | |
| linters: | |
| name: 'spellcheck, linters, REUSE' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v5 | |
| with: | |
| persist-credentials: false | |
| - name: 'install prereqs' | |
| run: | | |
| /home/linuxbrew/.linuxbrew/bin/brew install shellcheck zizmor | |
| python3 -m venv ~/venv | |
| ~/venv/bin/pip --disable-pip-version-check --no-input --no-cache-dir install --progress-bar off --prefer-binary \ | |
| -r .github/workflows/requirements.txt | |
| - name: 'REUSE check' | |
| run: | | |
| source ~/venv/bin/activate | |
| reuse lint | |
| - name: 'zizmor GHA' | |
| env: | |
| GH_TOKEN: '${{ secrets.GITHUB_TOKEN }}' | |
| run: | | |
| eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" | |
| zizmor --pedantic .github/workflows/*.yml | |
| - name: 'shellcheck' | |
| run: | | |
| eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" | |
| shellcheck --version | |
| # shellcheck disable=SC2046 | |
| shellcheck $(grep -l -E '^#!(/usr/bin/env bash|/bin/sh|/bin/bash)' $(git ls-files)) | |
| - name: 'spacecheck' | |
| run: scripts/spacecheck.pl | |
| - name: 'json check' | |
| run: | | |
| jq < tests.json > tests-expected.json | |
| diff -u tests.json tests-expected.json | |
| - name: 'codespell' | |
| run: | | |
| source ~/venv/bin/activate | |
| codespell --version | |
| codespell README.md RELEASE-NOTES CONTRIBUTING.md trurl.1 trurl.c | |
| - name: 'ruff' | |
| run: | | |
| source ~/venv/bin/activate | |
| ruff --version | |
| # shellcheck disable=SC2046 | |
| ruff check --extend-select=B007,B016,C405,C416,COM818,D200,D213,D204,D401,D415,FURB129,N818,PERF401,PERF403,PIE790,PIE808,PLW0127,Q004,RUF010,SIM101,SIM117,SIM118,TRY400,TRY401 \ | |
| $(git ls-files '*.py') | |
| - name: 'cmakelint' | |
| run: | | |
| source ~/venv/bin/activate | |
| cmake-lint --version | |
| cmake-lint \ | |
| --suppress-decorations \ | |
| --disable \ | |
| --line-width 132 \ | |
| --tab-size 2 \ | |
| --use-tabchars false \ | |
| --disabled-codes C0113 \ | |
| --function-pattern 'trurl_[0-9a-z_]+' \ | |
| --macro-pattern 'trurl_[0-9a-z_]+' \ | |
| --global-var-pattern '[A-Z][0-9A-Z_]+' \ | |
| --internal-var-pattern '_[a-z][0-9a-z_]+' \ | |
| --local-var-pattern '_[a-z][0-9a-z_]+' \ | |
| --private-var-pattern '_[0-9a-z_]+' \ | |
| --public-var-pattern '[A-Z][0-9A-Z_]+' \ | |
| --argument-var-pattern '_[a-z][0-9a-z_]+' \ | |
| --keyword-pattern '[A-Z][0-9A-Z_]+' \ | |
| --max-conditionals-custom-parser 2 \ | |
| --min-statement-spacing 1 \ | |
| --max-statement-spacing 2 \ | |
| --max-returns 6 \ | |
| --max-branches 12 \ | |
| --max-arguments 5 \ | |
| --max-localvars 15 \ | |
| --max-statements 50 \ | |
| CMakeLists.txt |